author | Bharat Mediratta <bharat@menalto.com> | 2010-02-02 21:48:01 -0800 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2010-02-02 21:48:01 -0800 |
commit | 99a7f470b93d35717f8d5979d05da6cf05a1dd20 (patch) | |
tree | b6f9cd28d834ec665551909815658d65618b0aa1 /modules/gallery/helpers/auth.php | |
parent | 6e1b761b12e13566875804c33efe2ae130ffa32e (diff) |
Protect password changes against brute force attacks.
Diffstat (limited to 'modules/gallery/helpers/auth.php')
-rw-r--r-- | modules/gallery/helpers/auth.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index 16f8915a..717cf40a 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -78,10 +78,16 @@ class auth_Core {
 }
 }
 
+ static function validate_too_many_failed_password_changes($password_input) {
+ if (self::too_many_failed_logins(identity::active_user()->name)) {
+ $password_input->add_error("too_many_failed_password_changes", 1);
+ }
+ }
+
 /**
 * Record a failed login for this user
 */
- static function record_failed_login($name) {
+ static function record_failed_auth_attempts($name) {
 $failed_login = ORM::factory("failed_login")
 ->where("name", "=", $name)
 ->find();
@@ -96,7 +102,7 @@ class auth_Core {
 /**
 * Clear any failed logins for this user
 */
- static function record_successful_login($user) {
+ static function clear_failed_logins($user) {
 db::build()
 ->delete("failed_logins")
 ->where("name", "=", $user->name) |
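Review bot: `validate_too_many_failed_password_changes` is added without a docblock, and it decides lockout from `self::too_many_failed_logins(identity::active_user()->name)`, so failed logins and failed password changes appear to share one per-name counter; that is worth stating, e.g. `/** Form validator: flag the password input when the active user has exceeded the shared failed-authentication limit. */`. The comment kept above the renamed `record_failed_auth_attempts` still reads "Record a failed login for this user" and should become `* Record a failed authentication attempt (login or password change) for this user`. The validator only adds a form error, so whether the current-password comparison is skipped once the limit is reached depends on the calling form code, which is outside this file; if that check still runs and reports a distinct error, the limit would not stop guessing. The body of `record_failed_auth_attempts` continues past the end of the hunk.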